- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Wed, 20 Nov 2024 20:39:43 +0000
- To: public-webauthn@w3.org
That argument applies to _many_ of the `DOMString`s in the spec (i.e., many areas where you see `DOMString` _have to be_ valid Unicode). Making these lone 3 `USVString`s into `DOMString` is a much smaller change, makes the spec consistent, and does not make it more fragile since there are _more_ requirements than just valid Unicode. base64url decoding is defined on arbitrary bytes. If the input is not valid UTF-8, then the decoding will either fail or decode into something invalid which is possible even when the input is valid UTF-8. The `prf` extension is also inconsistent with how the base64URL encoding of a Credential ID is typed elsewhere. For example, [`RegistrationResponseJSON.id`](https://w3c.github.io/webauthn/#dom-registrationresponsejson-id) is a `DOMString`. It would be nice to pick one approach and stick with it: * Pick the most strict type possible * Define all strings as `DOMString` per the recommendation The first approach will cause _a lot_ of `DOMString`s to be changed to `USVString`—including some of which _revert_ previous changes from `USVString` to `DOMString`—and I don't think it appreciably makes the spec that much more type safe since many things require additional properties anyway (i.e.,`USVString` won't make it infallible anyway). The second approach is much easier, aligns with the recommendation, and aligns with previous PRs that changed `USVString`s to `DOMString`s. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2203#issuecomment-2489501825 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 20 November 2024 20:39:44 UTC